i have created 2 pages
update.php
edit.php
we start on edit.php so here is edit.php's script
<?php
$id = $_SESSION["id"];
$username = $_POST["username"];
$fname = $_POST["fname"];
$password = $_POST["password"];
$email = $_POST["email"];
mysql_connect('mysql13.000webhost.com', 'a2670376_Users', 'Password') or die(mysql_error());
echo "MySQL Connection Established! <br>";
mysql_select_db("a2670376_Pass") or die(mysql_error());
echo "Database Found! <br>";
$query = "UPDATE members SET username = '$username', fname = '$fname',
password = '$password' WHERE id = '$id'";
$res = mysql_query($query);
if ($res)
echo "<p>Record Updated<p>";
else
echo "Problem updating record. MySQL Error: " . mysql_error();
?>
<form action="update.php" method="post">
<input type="hidden" name="id" value="<?=$id;?>">
ScreenName:<br> <input type='text' name='username' id='username' maxlength='25' style='width:247px' name="username" value="<?=$username;?>"/><br>
FullName:<br> <input type='text' name='fname' id='fname' maxlength='20' style='width:248px' name="ud_img" value="<?=$fname;?>"/><br>
Email:<br> <input type='text' name='email' id='email' maxlength='50' style='width:250px' name="ud_img" value="<?=$email;?>"/><br>
Password:<br> <input type='text' name='password' id='password' maxlength='25' style='width:251px' value="<?=$password;?>"/><br>
<input type="Submit">
</form>
now here is the update.php page where i am having the MAJOR problem
<?php
session_start();
mysql_connect('mysql13.000webhost.com', 'a2670376_Users', 'Password') or die(mysql_error());
mysql_select_db("a2670376_Pass") or die(mysql_error());
$id = (int)$_SESSION["id"];
$username = mysql_real_escape_string($_POST["username"]);
$fname = mysql_real_escape_string($_POST["fname"]);
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string($_POST["password"]);
$query="UPDATE members
SET username = '$username', fname = '$fname', email = '$email', password = '$password'
WHERE id='$id'";
mysql_query($query)or die(mysql_error());
if(mysql_affected_rows()>=1){
echo "<p>($id) Record Updated<p>";
}else{
echo "<p>($id) Not Updated<p>";
}
?>
now on edit.php i fill out the form to edit the account "test" while i am logged into it now once the form if filled out i click on |Submit!| button
and it takes me to update.php and it returns this
(0) Not Updated
(0) <= id of user logged in
Not Updated <= MySql Error from
mysql_query($query)or die(mysql_error());
if(mysql_affected_rows()>=1){
i want it to update the user logged in and if i am not mistaken in this script it says
$id = (int)$_SESSION["id"];
witch updates the user with the id of the person who is logged in
but it isnt updating its saying that no tables were effected
if it helps heres my MySql Database picture
just click here http://i50.tinypic.com/21juqfq.png
even with
session_start();
it wont work returns the same thinf as before
it appears that you have not started your session, therefore $_SESSION['id'] is not set.
session_start();
And, as always don't use mysql_* functions, that time has gone. Use mysqli or PDO
it seems your session might have times out or you did not even initialize it at all.
from your output it shows the id is 0 so there is your problem
Related
I'm making video-portal, so I've authentication system and if I post some comment, or image sessions disapper.
And i Get "Undefined index: email in C:\xampp\htdocs\social_site\assets\login.php on line 2"
AND "Notice: Undefined index: password in C:\xampp\htdocs\social_site\assets\login.php on line 3
".
login.php
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "SELECT * FROM members WHERE email='$email'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($query);
$hash_password = $row['password'];
$hash = password_verify( $password, $hash_password);
$y = $_session['username'] = $row['username'];
$x = $_session['id'] = $row['id'];
if (isset($_POST['submit'])) {
if ($hash == 0) {
header('location: index.php?fillpassword');
exit();
}
else{
$sql = "SELECT * FROM members WHERE email='$email' AND password='$hash_password'";
$result = mysqli_query($conn, $sql);
if (!$row = mysqli_fetch_assoc($result)) {
echo "<script>alert('You have no access here. You must login.')</script>";
header ("Location: ../index.php?erorr=noaccess");
}
}
}
?>
main.php
<?php
if ($_SESSION['id'] = $row['id']) {
echo "<form method='POST' action='".setComments($conn)."' enctype='multipart/form-data'>
<input type='hidden' name='size' value='1000000'>
<input type='file' name='image' value='Upload photo'>
<textarea name='text' rows='8' cols='80'></textarea>
<br/>
<input type='submit' name='upload' value='Submit'>
</form>";
}
?>
You have to add a session_start at the begin of your script.
If you don't want to have php's warning when the session is destroyed add also a check to see if the session is still there:
if(isset($_SESSION['password')){ [..] }
Maybe you used dreamweaver , the dreamweaver add hidden some charackters, you can check or remove it by HXD software . Download it from here .
FORM
<!DOCTYPE HTML>
<html>
<head>
<title>
</title>
</head>
<body>
<form id='updateholder' action='updateacc.php' method='post'>
<fieldset >
<legend>Update Account</legend>
Username:
<input type='text' name='username' id='username' value = "<?php echo $row['user_Username']?>"/>
Current Password:
<input type='text' name='curpassword' id='curpassword' value = "" maxlength="50" />
New Password:
<input type='text' name='confirm' id='newpassword' value = "" maxlength="50" />
Confirm New Password:
<input type='text' name='confirm' id='confirmpassword' value = "" maxlength="50" />
Middle Name:
<input type='text' name='middlename' id='middlename' value = "<?php echo $row['user_Mname']?>"/>
Last Name:
<input type='text' name='lastname' id='lastname' value = "<?php echo $row['user_Lname']?>"/>
<input type='Submit' name='Submit' value='Submit' />
</fieldset>
</form>
LOGOUT
</body>
</html>
Update.php
<?php
session_start();
include('dbconn.php');
$user_ID = $_SESSION['user_ID'] ;
$sql = "SELECT * FROM tbl_user WHERE user_ID = '$user_ID'";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
if (isset($_POST['Submit'])) {
$username = $_POST["username"];
$curpassword = $_POST["curpassword"];
$middlename = $_POST["middlename"];
$lastname = $_POST["lastname"];
$username = trim(mysqli_escape_string($con, $username));
$curpassword = trim(mysqli_escape_string($con, $curpassword));
$middlename = trim(mysqli_escape_string($con, $middlename));
$lastname = trim(mysqli_escape_string($con, $lastname));
$sql2= "SELECT user_Username FROM tbl_user WHERE user_Username='$username'";
$sql3= "SELECT user_Password FROM tbl_user WHERE user_ID='$accholder_ID'";
$result2 = mysqli_query($con, $sql2);
$result3 = mysqli_query($con, $sql3);
$row2 = mysqli_fetch_array($result, MYSQLI_ASSOC);
$row3 = mysqli_fetch_array($result2, MYSQLI_ASSOC);
if (mysqli_num_rows($result) == 1) {
echo "Sorry...This Username already exist..";
} else {
$query = mysqli_query($con, "Update tbl_user SET user_Mname = "$middlename", user_Lname = "$lastname", user_Username = "$username", user_Password = "$curpassword"");
if ($query) {
echo "Account Updated";
}
}
}
?>
I have a Code here that shows the data of the tbl_user in html form
but when it checks if the username existed
it will always echo "Sorry...This Username already exist.."
Since it will also include his own existing username in the check if it is submitted
Is there a way to bypass the check if the Username is unchanged
If you want to bypass check for unchanged username just add one check like:
Example:
if(trim($_POST["username"]) == $row['user_Username']){
//return unchanged username stuff
}
else{
// your stuff for changed username
}
If form value and database values are same it means username is unchanged else changed.
You can check directly by
if($_POST["username"] == $row['user_Username'])
{
echo "User Name Matched";
}
else
{
echo "Unique User Name";
}
I have a registration form. In the database, the username and email are unique index. When the form submits and username or email are already present in the database, the values are not inserted. I want to notify the user that the values were not inserted. How can i do this?
HTML
<form action="register.php" method="post" id="reg" onsubmit='return validate();'>
Company Name:
<input type="text" class="inputs" name="name" id="name" /><br />
Email:
<input type="text" class="inputs" name="email" id="txtEmail" /><br />
User name:
<input type="text" class="inputs" name="uname" id="uname"/><br />
Password:
<input type="password" class="inputs" name="pass" id="pass1"/><br />
Conferm Password:
<input type="password" class="inputs" name="cpass" id="pass2"/><br /><br />
<input type="submit" value="Register" class="button" />
</form>
register.php:
include ("db.php");
if (isset($_POST['register'])) {
echo $name = ($_POST["name"]);
echo $email = ($_POST["email"]);
echo $uname = ($_POST["uname"]);
echo $password = ($_POST["pass"]);
mysqli_query($con,"INSERT INTO company_profile(user_name, password, company_name, email, phone, country, activation_string) VALUES ('$uname','$password','$name','$email','','','')");
}
*Sweet And Short *
First check that username or email is exist or not using select query if resulting is 0 (it means not exists), Insert query will run ahead
<?php
if($_POST['register']){
$uname = $_POST['uname'];
$email = $_POST['email'];
$name= $_POST['name'];
$pass= $_POST['pass'];
$result = mysqli_query($con, 'SELECT * from TABLE_NAME where email_id = "'.$email.'" or username = "'.$uname.'" ');
if(mysqli_num_rows($result) > 0){
echo "Username or email already exists.";
}else{
$query = mysqli_query($con , 'INSERT INTO TABLE_NAME (`email_id`, `username`,`name`,`pass`) VALUES("'.$email.'", "'.$email.'", "'.$uname.'","'.$name.'", "'.$pass.'")');
if($query){
echo "data are inserted successfully.";
}else{
echo "failed to insert data.";
}
}
}
?>
The query method would return true or false, depending on if the row has been inserted or not.
Try the following Code
include ("db.php");
if (isset($_POST['register']))
{
echo $name = ($_POST["name"]);
echo $email = ($_POST["email"]);
echo $uname = ($_POST["uname"]);
echo $password = ($_POST["pass"]);
$var = mysqli_query('SELECT * from company_profile where email_id = "'.$email.'" or username = "'.$uname.'" ');
$num = mysqli_num_rows($var);
if($num==0)
{
$result = INSERT INTO company_profile(user_name, password, company_name, email, phone, country, activation_string) VALUES ('$uname','$password','$name','$email','','','');
$res = mysqli_query($result);
if($res)
{
echo "Records Inserted Successfully!!";
}
else
{
echo "Records Inserted Failed!!";
}
}
else
{
echo "User with the Details Already exists!!"
}
}
I found this good tutorial on creating a login/register system using PhP and MySQL.
The forum is around 5 years old (edited last year) but it can still be usefull.
Beginner Simple Register-Login system
There seems to be an issue with both login and register pages.
<?php
function register_form(){
$date = date('D, M, Y');
echo "<form action='?act=register' method='post'>"
."Username: <input type='text' name='username' size='30'><br>"
."Password: <input type='password' name='password' size='30'><br>"
."Confirm your password: <input type='password' name='password_conf' size='30'><br>"
."Email: <input type='text' name='email' size='30'><br>"
."<input type='hidden' name='date' value='$date'>"
."<input type='submit' value='Register'>"
."</form>";
}
function register(){
$connect = mysql_connect("host", "username", "password");
if(!$connect){
die(mysql_error());
}
$select_db = mysql_select_db("database", $connect);
if(!$select_db){
die(mysql_error());
}
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$pass_conf = $_REQUEST['password_conf'];
$email = $_REQUEST['email'];
$date = $_REQUEST['date'];
if(empty($username)){
die("Please enter your username!<br>");
}
if(empty($password)){
die("Please enter your password!<br>");
}
if(empty($pass_conf)){
die("Please confirm your password!<br>");
}
if(empty($email)){
die("Please enter your email!");
}
$user_check = mysql_query("SELECT username FROM users WHERE username='$username'");
$do_user_check = mysql_num_rows($user_check);
$email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
$do_email_check = mysql_num_rows($email_check);
if($do_user_check > 0){
die("Username is already in use!<br>");
}
if($do_email_check > 0){
die("Email is already in use!");
}
if($password != $pass_conf){
die("Passwords don't match!");
}
$insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')");
if(!$insert){
die("There's little problem: ".mysql_error());
}
echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>";
}
switch($act){
default;
register_form();
break;
case "register";
register();
break;
}
?>
Once pressed the register button the page does nothing, fields are erased and no data is added inside the database or error given.
I tought that the problem might be the switch($act){ part so I removed it and changed the page using a require
require('connect.php');
where connect.php is
<?php
mysql_connect("localhost","host","password");
mysql_select_db("database");
?>
Removed the function register_form(){ and echo part turning it into an HTML code:
<form action='register' method='post'>
Username: <input type='text' name='username' size='30'><br>
Password: <input type='password' name='password' size='30'><br>
Confirm your password: <input type='password' name='password_conf' size='30'><br>
Email: <input type='text' name='email' size='30'><br>
<input type='hidden' name='date' value='$date'>
<input type='submit' name="register" value='Register'>
</form>
And instead of having a function register(){ I replaced it with a if($register){
So when the Register button is pressed it runs the php code, but this edit doesn't seem to work either. So what can the problem be? If needed I can re-add this code on my Domain
The login page has the same issue, nothing happens when the button is pressed beside emptying the fields.
Did you echo the $_REQUEST data and checked if they are being grabbed correctly?
<?php
if (!isset($_POST))
register_form();
else
register();
Change switch part with the code above.
Nevermind guys I found a different tutorial with video demonstration. Works like a charm.
My Page
Added the Login/Register system.
Tutorial if anyone needs it. Thanks for answering tho I appreciate it and will +1 them.
Hey guys i had a similar problem before but i scraped that idea. Now basically my system allows my users to input there data into the fields and if they submit it the information will go to the database. Now for some reason the data does not go and i am presented with the echo that i stored in my else statement which was " echo" try again later" ;"
Now i have gone back into the database and looked at all the fileds and there correct names and placed them into the query but nothing gets stored into the db. Now you may be thinking whats the file on top called connect.inc.php in my code this is its basically a script in php which connects to the server.
here is my code pleas have a look thank you :)
<?php
//require 'core.inc.php';
include 'connect.inc.php';
if(isset($_POST['Username'])&& isset($_POST['Password']) && isset($_POST['PasswordAgain'])&& isset($_POST['Firstname'])&& isset($_POST['Lastname'])){
$username = $_POST['Username'];
$password = $_POST['Password'];
$password_again = $_POST['PasswordAgain'];
$Firstname = $_POST['Firstname'];
$password_hash = md5($password);
$Lastname = $_POST['Lastname'];
if(!empty($username)&& !empty($password) && !empty($password_again) && !empty($Firstname) && !empty($Lastname)){
if ($password !== $password_again) {
echo "passwords do not match";
}
else{
$query = "SELECT username FROM members WHERE username = '$username'";
$query_run = mysql_query($query);
if(mysql_num_rows($query_run )==1){
echo "The username ". $username ." is taken";
}else{
$query = "INSERT INTO members VALUES ('','Firstname','Lastname','Username','Password')";
if ($query_run = mysql_query($query)){
echo "Well done";
}else{
echo "Sorry we couldn't register at this time. Please try again later thank you";
}
}
}
}
else{
echo "Please fill in all the details thank you ";
}
}
?>
<form action="join.inc.php" method="post">
Username: <input type="text" name="Username" value="<?php echo $username; ?>" /><br />
Password: <input type="password" name="Password" /><br />
Password Again: <input type="password" name="PasswordAgain" /><br />
FirstName: <input type="text" name ="Firstname" value="<?php echo $Lastname; ?>" /><br />
LastName: <input type="text" name ="Lastname" value="<?php echo $Firstname ?>" /><br />
<input type="submit" value="SUBMIT" />
</form>
Connect Script
I would recommend explicitly stating the columns used in your INSERT statement.
INSERT INTO members (`field1`, `field2`, ...)
VALUES ('','Firstname','Lastname','Username','Password')
Also, what is the blank value you are trying to insert? If that field is an AUTO_INCREMENT field, you should not include it in the VALUES declaration.
Try this :
INSERT INTO members (`field1`, `field2`, ...)
VALUES ('','$Firstname','$Lastname','$Username','$password_hash')
IF your first field is auto_increment
omit the field1 as shown below
INSERT INTO members (`field2`,`field3`,...)
VALUES ('field2Val','field3Val',...);
password !== $password_again
should be
password != $password_again
enable error_reporting and see whats wrong actually, is the ID first field auto increment?
if that's auto increment your query will execute but if its not auto increment and set to PK only it wont insert records and raise duplicate key error.
hope this helps
Try changing to:
$query = "INSERT INTO members VALUES ('". $Firstname."','". $Lastname. "','" .$username. "','" .$password_hash. "')";
$result = mysql_query($query);
if (!$result){
echo "Sorry we couldn't register at this time. Please try again later thank you";
}else{
echo "Well done";
}
you should use something like this.
$query = "insert into members (id,username) values ('','$username')";